[ovirt-users] Re: host certification is about to expire

Tue, 20 Apr 2021 23:59:32 -0700 

On Tue, Apr 20, 2021 at 9:07 PM Bill James <bill.ja...@j2.com> wrote:
>
> Thank you for reply.
> Notice Enroll cert was done 4/15, but still getting notices.
>
>
> engine.log:
>
> 2021-04-19 20:05:59,922-07 WARN  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: 
> HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com 
> certification is about to expire at 2021-05-12. Please renew the host's 
> certification.
>
> ..
>
>
>
> 2021-04-15 20:25:47,964-07 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default 
> task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: 
> HostEnrollCertificateCommand internal: false. Entities affected :  ID: 
> 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group 
> EDIT_HOST_CONFIGURATION with role type ADMIN
>
> 2021-04-15 20:25:48,004-07 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: 
> HostEnrollCertificateInternalCommand internal: true. Entities affected :  ID: 
> 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
>
> 2021-04-15 20:25:48,012-07 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName 
> = ovirt1.j2noc.com, 
> SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
>  status='Installing', nonOperationalReason='NONE', 
> stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff
>
> 2021-04-15 20:25:48,021-07 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, 
> return: , log id: 2c9a2bff
>
> 2021-04-15 20:25:48,037-07 INFO  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: 
> HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host 
> ovirt1.j2noc.com was started (User: 
> bill.ja...@j2global.com@j2global.com-authz).
>
> 2021-04-15 20:25:48,058-07 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName 
> = ovirt1.j2noc.com, 
> SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
>  status='Maintenance', nonOperationalReason='NONE', 
> stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
>
> 2021-04-15 20:25:48,062-07 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
>
>  SetVdsStatusVDSCommand, return: , log id: e46428c
>
> 2021-04-15 20:25:48,069-07 INFO  
> [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command:  
> /usr/bin/ansible-playbook --ssh-common-args=-F 
> /var/lib/ovirt-engine/.ssh/config -v 
> --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa 
> --inventory=/tmp/ansible-inventory8413305606879978005 
> --extra-vars=ovirt_organizationname="j2noc.com" 
> --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
>
> MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
>
> CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
>
> MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
>
> A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
>
> AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
>
> 4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
>
> OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
>
> vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
>
> Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
>
> FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
>
> MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
>
> LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
>
> AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
>
> cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
>
> +LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
>
> IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
>
> PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
>
> -----END CERTIFICATE-----
>
> " --extra-vars=ovirt_san="IP:10.144.110.99" 
> --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" 
> --extra-vars=ovirt_vds_hostname="10.144.110.99" 
> --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" 
> --extra-vars=ovirt_signcerttimeoutinseconds="30" 
> --extra-vars=ovirt_ca_key="ssh-rsa 
> AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ"
>  --extra-vars=ovirt_vdscertificatevalidityinyears="5" 
> /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: 
> /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
>
>
>
> ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log
>  attached.
>
>
>
> On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <d...@redhat.com> wrote:
>>
>> On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.ja...@j2.com> wrote:
>> >
>> > I get this message from ovirt:
>> > Message:Host <hostname> certification is about to expire at 2021-05-12. 
>> > Please renew the host's certification.
>> >
>> > I tried putting host in maintenance mode and running "enroll certificate". 
>> > Didn't help.
>>
>> Please check/share relevant logs (on the engine machine) -
>> /var/log/ovirt-engine/engine.log and
>> /var/log/ovirt-engine/host-deploy/* . Thanks.
>>
>> >
>> > How do I renew the certificate?
>>
>> 'Enroll Certificate' should have worked. In principle you can also try
>> 'Reinstall', which is not that much more drastic than 'Enroll
>> Certificate' on a working host, but does do a bit more.

I think "Enroll Certificate" does not restart vdsm, but vdsm probably
only reads the new cert on startup. So perhaps try to put the host to
maintenance and 'systemctl restart vdsmd' (or just reboot).

Best regards,
-- 
Didi
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6H7FIYXVMK34MSRX7KRB4EPVSCZORL6J/

Reply via email to